https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19121
Bug ID: 19121
Summary: Prevent XSS in the Staff Client and the OPAC - bis
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: ASSIGNED
Severity: normal
Priority: P5 - low
Component: Architecture, internals, and plumbing
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
On bug 13618 we tried to escape variables at template level: all variables were escaped using Template::Stash::AutoEscaping::Escaped::HTML::escape.
It works well, but unfortunately it leads to performance issues (see bug 15715). Indeed, in some scripts 70k variables are displayed.
Another approach would be to escape variables when they are sent to the scripts. We will get only 1 call per variable passed to the script and we will not unnecessarily escape variables several times, or variables coming from the DB (maybe we will need a script to clean the data?).
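To illustrate the escape-on-pass approach proposed in the report, here is an added example (not Koha's code; written against plain Template Toolkit rather than Koha's C4::Templates, with the hypothetical helpers html_escape, escape_params and render): every scalar is escaped exactly once while the parameter structure is copied, so the caller's raw data is never modified and the template needs no filters and no autoescaping stash.

```perl
# Added example (not Koha's code): escape untrusted values once, when they
# are handed to the template, instead of autoescaping every stash lookup.
use strict;
use warnings;
use Template;
use Scalar::Util qw(blessed reftype);

# Escape the characters that matter in HTML text and attribute context.
sub html_escape {
    my ($s) = @_;
    return $s unless defined $s;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Walk a parameter structure and escape every scalar leaf exactly once.
# Hashes/arrays are copied (DB rows stay raw); blessed objects pass through.
sub escape_params {
    my ($v) = @_;
    return $v if blessed($v);
    my $type = reftype($v) // '';
    if ($type eq 'HASH') {
        my %copy = map { $_ => escape_params($v->{$_}) } keys %$v;
        return \%copy;
    }
    return [ map { escape_params($_) } @$v ] if $type eq 'ARRAY';
    return $v if ref $v;    # code refs, scalar refs, ...
    return html_escape($v);
}

# Render with escaping applied on the way in: the template needs no
# |html filters and no Template::Stash::AutoEscaping.
sub render {
    my ($template_text, $params) = @_;
    my $tt  = Template->new();
    my $out = '';
    $tt->process(\$template_text, escape_params($params), \$out)
        or die $tt->error;
    return $out;
}

# Constructed sample: an attacker-controlled surname inside a list of rows.
my $params = {
    title   => 'Search results',
    patrons => [ { surname => q{O'Brien <script>alert(1)</script>} } ],
};
print render('<h1>[% title %]</h1>[% FOREACH p IN patrons %]<li>[% p.surname %]</li>[% END %]', $params), "\n";
```

Anything that must reach the page as raw HTML has to be marked explicitly (here, by passing a blessed object, which escape_params leaves alone), which is exactly where DB content of uncertain provenance would need the cleaning script the report mentions.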
Koha-bugs mailing list